Network Scanning Phases and Supporting ToolsJoseph Bugeja
This presentation focuses on the network penetration scanning phase. It introduces tools and techniques that professional pen-testers and ethical hackers need to master to find target machines, openings on those targets and vulnerabilities.
This presentation is a live demonstration of how to use Packet Sender plus Wireshark (both utilities are open source and free) to reverse engineer a black box networked device (for this demonstration, a Raspberry Pi running custom TCP and UDP servers). After the box’s capabilities are acquired, it can then be extended by Packet Sender. Then a second demonstration will be performed that discovers malware on the box, and its deliverable will be captured.
Throughout the demonstration, ideas with regards to network programming will be discussed. Anybody who is interested in developing network code is encouraged to attend. If there is time, Q&A will follow.
Slides for a college course at City College San Francisco. Based on "Hands-On Ethical Hacking and Network Defense, Third Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610.
Instructor: Sam Bowne
Class website: https://samsclass.info/123/123_S17.shtml
OSINT RF Reverse Engineering by Marc NewlinEC-Council
IoT devices frequently include obscure RF transceivers with little or no documentation, which can hinder the reverse engineering research process. Fortunately, regulatory bodies like the United States’ FCC contain a wealth of useful information.
In order to certify wireless devices for sale in different markets, manufacturers must submit their products to test labs which evaluate the behavior of their RF emissions. The test reports often contain detailed physical layer operating characteristics, including RF channels, modulation, and frequency hopping behavior.
By translating regulatory test reports into GNU Radio flow graphs, a researcher is able to focus their efforts on understanding packet formats and protocol behavior instead of grinding away at the physical layer. In this talk, I will discuss the techniques I used while researching the MouseJack vulnerabilities, which allowed me to expedite the process of evaluating a large number of vulnerable devices.
Talk Outline
Overview of various regulatory bodies (FCC, KCC/MSIP, IC, etc), and the data they make publicly available
Discussion of the official and third party tools to query regulatory bodies for specific device information
Using internal device photos from regulatory bodies to identify transceiver part numbers
Using test reports to identify physical layer operating characteristics
Building a GNU Radio flow graph based on information gathered from regulatory test reports or transceiver spec sheets
Sniffing device traffic, inferring operating behavior, and building out a model of the device communication protocol
In this talk, we discuss white box cryptography, a technique used to protect cryptographic keys from a local attacker. In keeping with the theme of building and breaking security, we will discuss the challenges involved in building a white-box crypto system.
This slideshow shows the threat ARP poisoning poses by allowing Packet sniffing attacks using Wireshark on a college network and provides possible mitigation action for the vulnerability
A college class in Network Security Monitoring at CCSF, based on "The Practice of Network Security Monitoring: Understanding Incident Detection and Response" by Richard Bejtlich, No Starch Press; 1 edition (July 26, 2013), ASIN: B00E5REN34
Course website: https://samsclass.info/50/50_F17.shtml
Wi-Fi (or WiFi) is a local area wireless computer networking technology that allows electronic devices to network, mainly using the 2.4 gigahertz (12 cm) UHF and 5 gigahertz (6 cm) SHF ISM radio bands.
The Wi-Fi Alliance defines Wi-Fi as any "wireless local area network" (WLAN) product based on the Institute of Electrical and Electronics Engineers' (IEEE) 802.11 standards".[1] However, the term "Wi-Fi" is used in general English as a synonym for "WLAN" since most modern WLANs are based on these standards. "Wi-Fi" is a trademark of the Wi-Fi Alliance. The "Wi-Fi Certified" trademark can only be used by Wi-Fi products that successfully complete Wi-Fi Alliance interoperability certification testing.
Many devices can use Wi-Fi, e.g. personal computers, video-game consoles, smartphones, digital cameras, tablet computers and digital audio players. These can connect to a network resource such as the Internet via a wireless network access point. Such an access point (or hotspot) has a range of about 20 meters (66 feet) indoors and a greater range outdoors. Hotspot coverage can be as small as a single room with walls that block radio waves, or as large as many square kilometres achieved by using multiple overlapping access points.
Depiction of a device sending information wirelessly to another device, both connected to the local network, in order to print a document.
Wi-Fi can be less secure than wired connections, such as Ethernet, precisely because an intruder does not need a physical connection. Web pages that use TLS are secure, but unencrypted internet access can easily be detected by intruders. Because of this, Wi-Fi has adopted various encryption technologies. The early encryption WEP proved easy to break. Higher quality protocols (WPA, WPA2) were added later. An optional feature added in 2007, called Wi-Fi Protected Setup (WPS), had a serious flaw that allowed an attacker to recover the router's password.[2] The Wi-Fi Alliance has since updated its test plan and certification program to ensure all newly certified devices resist attacks .
Network Scanning Phases and Supporting ToolsJoseph Bugeja
This presentation focuses on the network penetration scanning phase. It introduces tools and techniques that professional pen-testers and ethical hackers need to master to find target machines, openings on those targets and vulnerabilities.
This presentation is a live demonstration of how to use Packet Sender plus Wireshark (both utilities are open source and free) to reverse engineer a black box networked device (for this demonstration, a Raspberry Pi running custom TCP and UDP servers). After the box’s capabilities are acquired, it can then be extended by Packet Sender. Then a second demonstration will be performed that discovers malware on the box, and its deliverable will be captured.
Throughout the demonstration, ideas with regards to network programming will be discussed. Anybody who is interested in developing network code is encouraged to attend. If there is time, Q&A will follow.
Slides for a college course at City College San Francisco. Based on "Hands-On Ethical Hacking and Network Defense, Third Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610.
Instructor: Sam Bowne
Class website: https://samsclass.info/123/123_S17.shtml
OSINT RF Reverse Engineering by Marc NewlinEC-Council
IoT devices frequently include obscure RF transceivers with little or no documentation, which can hinder the reverse engineering research process. Fortunately, regulatory bodies like the United States’ FCC contain a wealth of useful information.
In order to certify wireless devices for sale in different markets, manufacturers must submit their products to test labs which evaluate the behavior of their RF emissions. The test reports often contain detailed physical layer operating characteristics, including RF channels, modulation, and frequency hopping behavior.
By translating regulatory test reports into GNU Radio flow graphs, a researcher is able to focus their efforts on understanding packet formats and protocol behavior instead of grinding away at the physical layer. In this talk, I will discuss the techniques I used while researching the MouseJack vulnerabilities, which allowed me to expedite the process of evaluating a large number of vulnerable devices.
Talk Outline
Overview of various regulatory bodies (FCC, KCC/MSIP, IC, etc), and the data they make publicly available
Discussion of the official and third party tools to query regulatory bodies for specific device information
Using internal device photos from regulatory bodies to identify transceiver part numbers
Using test reports to identify physical layer operating characteristics
Building a GNU Radio flow graph based on information gathered from regulatory test reports or transceiver spec sheets
Sniffing device traffic, inferring operating behavior, and building out a model of the device communication protocol
In this talk, we discuss white box cryptography, a technique used to protect cryptographic keys from a local attacker. In keeping with the theme of building and breaking security, we will discuss the challenges involved in building a white-box crypto system.
This slideshow shows the threat ARP poisoning poses by allowing Packet sniffing attacks using Wireshark on a college network and provides possible mitigation action for the vulnerability
A college class in Network Security Monitoring at CCSF, based on "The Practice of Network Security Monitoring: Understanding Incident Detection and Response" by Richard Bejtlich, No Starch Press; 1 edition (July 26, 2013), ASIN: B00E5REN34
Course website: https://samsclass.info/50/50_F17.shtml
Wi-Fi (or WiFi) is a local area wireless computer networking technology that allows electronic devices to network, mainly using the 2.4 gigahertz (12 cm) UHF and 5 gigahertz (6 cm) SHF ISM radio bands.
The Wi-Fi Alliance defines Wi-Fi as any "wireless local area network" (WLAN) product based on the Institute of Electrical and Electronics Engineers' (IEEE) 802.11 standards".[1] However, the term "Wi-Fi" is used in general English as a synonym for "WLAN" since most modern WLANs are based on these standards. "Wi-Fi" is a trademark of the Wi-Fi Alliance. The "Wi-Fi Certified" trademark can only be used by Wi-Fi products that successfully complete Wi-Fi Alliance interoperability certification testing.
Many devices can use Wi-Fi, e.g. personal computers, video-game consoles, smartphones, digital cameras, tablet computers and digital audio players. These can connect to a network resource such as the Internet via a wireless network access point. Such an access point (or hotspot) has a range of about 20 meters (66 feet) indoors and a greater range outdoors. Hotspot coverage can be as small as a single room with walls that block radio waves, or as large as many square kilometres achieved by using multiple overlapping access points.
Depiction of a device sending information wirelessly to another device, both connected to the local network, in order to print a document.
Wi-Fi can be less secure than wired connections, such as Ethernet, precisely because an intruder does not need a physical connection. Web pages that use TLS are secure, but unencrypted internet access can easily be detected by intruders. Because of this, Wi-Fi has adopted various encryption technologies. The early encryption WEP proved easy to break. Higher quality protocols (WPA, WPA2) were added later. An optional feature added in 2007, called Wi-Fi Protected Setup (WPS), had a serious flaw that allowed an attacker to recover the router's password.[2] The Wi-Fi Alliance has since updated its test plan and certification program to ensure all newly certified devices resist attacks .
Slides for a college course in "Advanced Ethical Hacking" at CCSF. Instructor: Sam Bowne
Course Web page:
https://samsclass.info/124/124_F17.shtml
Based on "Penetration Testing: A Hands-On Introduction to Hacking" by Georgia Weidman -- ISBN-10: 1593275641, No Starch Press; 1 edition (June 8, 2014)
Packet Analysis - Course Technology Computing Conference
Presenter: Lisa Bock - Pennsylvania College of Technology
Most network administrators are well-versed in hardware, applications, operating systems, and network analysis tools. However, many are not trained in analyzing network traffic. Network administrators should be able to identify normal network traffic in order to determine unusual or suspicious activity. Network packet analysis is important in order to troubleshoot congestion issues, create firewall and intrusion detection system rules, and perform incident and threat detection. This hands-on presentation will review fundamental concepts necessary to analyze network traffic, beginning with an overview of network analysis, then a review the TCP/IP protocol suite and LAN operations. Participants will examine packet captures and understand the field values of the protocols and as to what is considered normal behavior, and then examine captures that show exploits, network reconnaissance, and signatures of common network attacks. The program will use Wireshark, a network protocol analyzer for Unix and Windows, to study network packets, look at basic features such as display and capture filters, and examine common protocols such as TCP, HTTP, DNS, and FTP. Time permitting, the presentation will provide suggestions on how to troubleshoot performance problems, conduct a network baseline, and how to follow a TCP or UDP stream and see HTTP artifacts. Participants should have a basic knowledge of computer networking and an interest in the subject.
Improved Applications with IPv6: an overviewCisco DevNet
A session in the DevNet Zone at Cisco Live, Berlin. Deployment of IPv6 is rapidly expanding. Support for IPv6 in applications is lagging behind. Vendors such as Apple are taking steps to rectify this situation and raise awareness to the problem. The session explains why this evolution happens now, including looking at Cisco collected adoption statistics and how IPv4 address exhaustion issues affect application performance. The majority of the session focuses on how applications should adopt and support IPv6. We start with simple dual-stack IPv4/IPv6 support in applications for different operating systems to achieve functional parity with IPv4. We then discuss some of the more interesting ways of delivering applications which are only feasible with IPv6 and we explain how they can help to improve application functionality. The session includes aspects such as utilizing multiple IPv6 addresses, "happy eyeball" techniques, using different type of IPv6 addresses and more. The session will discuss existing and evolving technologies.
This slide deck covers Networking Fundamentals, Various Penetration testing standards, OWASP TOP 10 Vulnerabilities of Web Application and the Lab Setup required for Penetration testing.
Ever wanted to find out someone’s IP address online? Of course you have! Tracing “calls” on the Internet is much more complicated than on the plain old telephone network. This expose` includes a history of traditional techniques used to discover the IP address of a target user in: chat rooms, forums and other types of social networking sites. Attention will be centered around a fundamental weakness in the IRC protocol that allows client IP addresses to be determined. Proof-of-concept samples targetting multiple IRC daemons will be released. Prizes will be awarded to the most interesting submissions for an online edition of ‘Spot The Fed.’
Bio: At the time of writing, Derek is currently an independent security contractor (and in the past for @stake and Symantec.) He’s written various tool packages including a Linux stealth patch to evade nmap’s transport layer OS detection as well as porkbind, a nameserver security scanner. In 2007, he won Cenzic’s SANS contest.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
2. ARP
• Address Resolution Protocol
• RFC 826 (1982)
• “IP Address to MAC Address for Ethernet”
• Request <=> Reply
• Response is cached
3. ARP - PROBLEMS
• Entries are simple mappings
• Stateless
• No authentication
• Ethernet stack depends heavily on ARP
4. ARP SPOOFING
• Client in a network sends
spoofed ARP messages
• Other clients update their
ARP mappings
• Traffic is sent to the
malicious client
Wikipedia: 0x55534C
5. ETTERCAP
“Ettercap is a comprehensive suite for man in the middle
attacks. It features sniffing of live connections, content filtering
on the fly and many other interesting tricks. It supports active
and passive dissection of many protocols and includes many
features for network and host analysis.”
www.ettercap-project.org
6. ETTERCAP
• Open Source;Works on *nix
• Provides (almost) everything required for a MITM
attack
• Scan,Attack, Capture, Filter, Restore, …
• MITM:ARP Poisoning, ICMP Redirection, DHCP
Spoofing, Port Stealing, …